[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: How 2 Secure the repository?

From: Douglas Finkle
Subject: RE: How 2 Secure the repository?
Date: Mon, 11 Mar 2002 13:10:01 -0500

> Environment: cvs 1.11.1p running on unix. Clients are mostly 
> wincvs1.13.7+ 
> (in-house modifications to prevent password display on the 
> screen)


> plink for ssh connection.

Also, use Pageant on Windows. UNIX will require ssh-agent for 
the same functionality.

> Developers have valid login on unix server and are 
> members of the cvs and users groups.
> How do I protect the repository from developers modifying or 
> deleting code directly without using cvs? Any protection scheme 
> we've been able to think of either locks them out completely or 
> has loop holes.

You take away login access. Do this by setting their hashed passwd
in /etc/shadow to "NP", and add a line to their SSH authorization file
on the server side to _only_ allow the command 'cvs server'. The
O' Reilly SSH book explains this pretty clearly.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]